The Reuters news agency reported a sudden increase in violent and pornographic images and videos on Facebook. Our colleagues at other security vendors have written more about the matter in their respective blogs, providing some additional details of what Facebook’s customers saw and identifying a variant of the seven-year-old Win32/Bifrose Trojan as the source of the problem and speculating that this might be a late arrival of the Fawkes virus that Anonymous claimed it was going to unleash on Facebook for Guy Fawkes Day.
ESET security researcher Aryeh Goretsky commented: “A quick review of my personal account and a check-in with my other Facebook-wielding colleagues revealed a couple of nothing more than a couple of suggestive pictures, complete with snarky comments embedded in them, from the usual sources and no discussion of violence or pornography pandemics. While our collective Facebook usage is described as casual at best, it seems unusual that several dozen security researchers who keep an eye or two on Facebook wouldn’t have noticed something suspicious should there have been outbreaks of violence and pornography there. After all, if nothing else, it makes for good blog fodder.”
Regardless of the history or scope of this threat, Facebook Security has not provided any updates on the matter, which leads ESET to believe that while the imagery spread by the trojan on Facebook may be disturbing, it’s effect is limited in scope and not cause for alarm.
As we do not have any specific countermeasures to share with you for this non-event, ESET would like to provide some prescriptive guidance about staying safe online, especially when using Facebook:
- Keep your operating system, applications like Adobe Reader and Flash, and tools like Java up-to-date. Malware often exploits vulnerabilities in these applications to infect your system, so keeping them updated with the latest versions reduces their vulnerability.
- Maintain a healthy sense of skepticism when you are sent links to take surveys, view videos or perform other activities online by friends. That friend may be the latest victim of a social engineering scammer who is looking to spread the infection to others.
- Use a unique memorable password for websites that you visit, especially social media ones. That way, if your account does get compromised on one site, accounts on other sites will not fall victim to the attacker.
- Do not access social media, banking, webmail or sites from public Wi-Fi hotspots. An attacker may be monitoring these to get your username and password.
- If you find you must access these services from an untrusted network connection, be sure you specify the secure login option and make sure the URL in the address begins with https:// and not http://, which means a secure connection has been established with that website’s server.
- Consider changing your password when you get back to your secure network connection.
- Keep your security software (antimalware, firewall and so forth) up-to-date. While security software cannot protect you from all threats, it does provide a high degree of protection, and making sure it is current helps ensure your privacy and security online.